Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

julianps

macrumors regular
Original poster
Aug 6, 2006
104
16
Wales, UK
I want to buy an external drive. I should consider access and security. With all mainstream brands offering hardware encryption it should be easy, but when it comes to d/l install their software it’s either not 256-bit, not for APFS, or not for Mac at all. Basically, if I want ‘physical’ security I should store it in a safe. Which is do-able.

I could format the drive as APFS/encrypted, or create an encrypted disk image, or create an an encrypted disk image on an encrypted drive. Or format as regular APFS then have the Finder encrypted it (FileVault?). Or all three ….

i guess Q is, why are there so many, seemingly overlapping, options?
 
"Basically, if I want ‘physical’ security I should store it in a safe. Which is do-able."

If "safe-keeping" it this way is truly "do-able", then that's what I'd recommend. Don't encrypt it.

You WANT your data on an external drive to be "easy to get at".

Encrypt it, and that may result in NOT being able to get at it yourself, in a "moment of need".
(I realize there are valid cases for using encryption in some circumstances)

Encryption might make data recovery all-but impossible, if you ever have problems with the drive.

One other thing:
If this drive is to be used for data ONLY (no bootable OS on the drive), I'd recommend that you use HFS+ (in disk utility, this is called "Mac OS extended with journaling enabled, GUID partition format) rather than APFS.

Platter-based drives, especially, should still use HFS+ where possible.

Reason:
Again, a drive in HFS+ can often be repaired (if necessary) by 3rd-party software tools. APFS... all but impossible (Apple never released full specs on APFS).
 
"Basically, if I want ‘physical’ security I should store it in a safe. Which is do-able."

If "safe-keeping" it this way is truly "do-able", then that's what I'd recommend. Don't encrypt it.

You WANT your data on an external drive to be "easy to get at".

Encrypt it, and that may result in NOT being able to get at it yourself, in a "moment of need".
(I realize there are valid cases for using encryption in some circumstances)

Encryption might make data recovery all-but impossible, if you ever have problems with the drive.

One other thing:
If this drive is to be used for data ONLY (no bootable OS on the drive), I'd recommend that you use HFS+ (in disk utility, this is called "Mac OS extended with journaling enabled, GUID partition format) rather than APFS.

Platter-based drives, especially, should still use HFS+ where possible.

Reason:
Again, a drive in HFS+ can often be repaired (if necessary) by 3rd-party software tools. APFS... all but impossible (Apple never released full specs on APFS).
All good points - in my data safe I need to be careful of humidity, but I can resolve that with silica gel. Although I have FileVault on my internal storage, my time machine backups are unencrypted, for the reasons you cite. But those drives are kept in a secure environment where a portable drive is, well, portable and exposed to the risk of loss.
 
Don’t use vendor software for any reason! It’s not necessary. If you buy a drive that comes with it, let it die when you reformat the device for your Mac. Don’t download or install any drivers. Just use FileVault for your encryption. It will always be supported and maintained. And…never lose your encryption key.
 
  • Like
Reactions: julianps
As a Q and because I never thought about it; how is FileVault applied to an external USB/TB3 drive?
 
One other thing:
If this drive is to be used for data ONLY (no bootable OS on the drive), I'd recommend that you use HFS+ (in disk utility, this is called "Mac OS extended with journaling enabled, GUID partition format) rather than APFS.

Platter-based drives, especially, should still use HFS+ where possible.

Reason:
Again, a drive in HFS+ can often be repaired (if necessary) by 3rd-party software tools. APFS... all but impossible (Apple never released full specs on APFS).
Just so we balance in these opinions:

Use APFS format and not HFS+. And with HDD, as well as SSD.

Reasons:
APFS is much more flexible.
APFS is more reliable. HFS+ is forever needing to be repaired - APFS isn't.
 
  • Like
Reactions: chrfr
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.